GRC (Governance, Risk, and Compliance) Analyst

YipitData

United States

Remote

USD 87,000 - 100,000

Full time

Today

Job summary

A leading market research firm is seeking a GRC Analyst to enhance their security compliance and risk management program. This remote-friendly role involves managing SOC 2 readiness and vendor security assessments, ensuring compliance, and supporting internal teams. The ideal candidate has experience in security compliance, is detail-oriented, and can effectively communicate complex compliance topics. Competitive salary and remote work options are offered.

Benefits

Flexible work hours
Generous 401K match
Parental leave
Wellness budget

Qualifications

  • 2–4 years of experience in GRC, security compliance, or audit roles.
  • Direct experience with SOC 2 programs, vendor risk management, or security questionnaires.
  • Understanding of controls mapping to frameworks like NIST CSF or ISO 27001.

Responsibilities

  • Ensure compliance requirements are tracked and coordinate external audits.
  • Manage the execution of compliance requirements and SOC 2 program.
  • Maintain and update security policies, procedures, and documentation.

Skills

GRC experience
Security compliance
Audit skills
Detail-oriented
Vendor risk management

Education

Bachelor's degree in Information Security or related field

Job description

US Remote

About Us:

YipitData is the leading market research and analytics firm for the disruptive economy and most recently raised $475M from The Carlyle Group at a valuation of over $1B. Every day, our proprietary technology analyzes billions of alternative data points to uncover meaningful insights across sectors like software, AI, cloud, e-commerce, ridesharing, and payments.

Our data and research teams transform raw data into strategic intelligence, delivering accurate, timely, and deeply contextualized analysis that our customers—ranging from the world’s top investment funds to Fortune 500 companies—depend on to make thoughtful, high-stakes decisions. From sourcing and licensing novel datasets to careful analysis and clear storytelling, our teams ensure clients receive not just data, but clarity and confidence.

We operate globally with offices in the US (NYC, Austin, Miami, Mountain View), APAC (Hong Kong, Shanghai, Beijing, Guangzhou, Singapore), and India. Our award-winning, people-first culture—recognized by Inc. as a Best Workplace for three consecutive years—emphasizes transparency, collaboration, and continuous growth.

What It’s Like to Work at YipitData:

YipitData isn’t a place for coasting—it’s a launchpad for curious, motivated professionals. From day one, you’ll have the chance to contribute to meaningful projects, accelerate your growth, and connect with teammates who value both impact and support.

Why Top Talent Chooses YipitData:

  • Ownership That Matters: You’ll guide projects that have visible and lasting impact.
  • Rapid Growth: We help you build years of learning in a short time, with support along the way.
  • Merit Over Titles: Trust and responsibility are earned through contributions, not tenure.
  • Momentum with Purpose: We move quickly and intentionally, always supporting one another and striving for excellence.

If your ambition is matched by your work ethic—and you’re looking for a place where growth, collaboration, and impact are the norm—YipitData may be the opportunity you’ve been waiting for.

About The Role:

The Security team is seeking a GRC Analyst to strengthen and evolve our security, compliance, and risk management program with a strong emphasis on SOC 2 readiness, security compliance with laws and regulations, vendor risk management, and security questionnaires. This role is hands-on and focused on ensuring that our security controls are implemented effectively, mapped to recognized frameworks, and continuously improved.

You will support the execution of our SOC 2 program, manage evidence collection and control testing, conduct vendor security reviews, and own the process for responding to client security questionnaires. The GRC Analyst will collaborate closely with internal teams, auditors, and external partners to ensure that our systems maintain a resilient, compliant, and transparent security posture.

This position reports to the Director of Information Security and provides a unique opportunity to shape the compliance and risk function at a high-growth company.

This is a remote-friendly opportunity that can sit in NYC (where our headquarters is located), one of our office hubs (Austin, Miami, or Mountain View), or anywhere else in the US. However, depending on where the remote work is performed, income could be subject to New York State tax withholding.

As Our GRC Analyst, You Will:

  • Ensure that DOJ/CISA compliance requirements are properly tracked, and serve as the coordination point for external audits/assessments.
  • Collaborate with the Security Program Manager to manage the day-to-day execution of compliance requirements and our SOC 2 program. This includes evidence collection, control testing, and remediation tracking.
  • Partner with auditors to coordinate readiness assessments, walkthroughs, and ongoing audits.
  • Maintain and update our security policies, procedures, and documentation.
  • Own the third-party risk management process, including vendor due diligence, risk assessments, and contract security reviews.
  • Ensure that vendors meet Yipit’s security requirements and document remediation plans for identified gaps.
  • Collaborate with Sales on the response process for customer and prospect security questionnaires.
  • Maintain a library of standard responses and security artifacts (SOC 2 report, policies, security architecture diagrams, etc.) to streamline response efforts.
  • Support risk assessments across teams and projects, documenting risks and remediation plans.
  • Manage compliance evidence repositories and ensure all required documentation is audit-ready.
  • Collaborate with IT, Engineering, and Operations to embed GRC practices into daily workflows.

You Are Likely To Succeed If You:

  • Have 2–4 years of experience in GRC, security compliance, or audit roles.
  • Have direct experience with SOC 2 programs, vendor risk management, or security questionnaires.
  • Understand how to map controls to frameworks like NIST CSF, SOC 2, ISO 27001, or NIST 800-53.
  • Are detail-oriented and thrive at organizing evidence, documentation, and workflows.
  • Can manage multiple projects while meeting deadlines.
  • Communicate complex security and compliance topics clearly to both technical and non-technical partners.
  • Hold or are working toward relevant certifications (e.g., CISA, CISSP, CISM, CCSK, ISO 27001 Lead Implementer) – highly valued but not required.
  • Have a Bachelor’s degree in Information Security, Information Systems, Computer Science, or a related field (or equivalent work experience).

What We Offer:

Our compensation package includes comprehensive benefits, perks, and a competitive salary:

  • Flexible work hours, flexible vacation, and a generous 401K match
  • Parental leave, team events, wellness budget, and learning reimbursement
  • Growth based on impact, not tenure or politics
  • A culture built on ownership, respect, collaboration, and trust

The annual on-target earnings for this position are anticipated to be $87K–$100K. Final offers may be determined by factors including experience, skills, and internal benchmarks.

We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, marital status, disability, gender, gender identity or expression, or veteran status. We are proud to be an equal opportunity employer.
